Encrypting File System

ABSTRACT

A method of decrypting documents is disclosed. A plurality of documents may be stored on a file server. A client computer is connected to the file server by a network. A first table contains the names of encrypted documents and, for each document, the name of an associated encryption key. A second table contains an encryption key value associated with an encryption key name. To open an encrypted document, the crypto server retrieves the encryption key name from the first table, retrieves the encryption key value from the second table, and causes the document to be decrypted.

RELATED APPLICATION INFORMATION

This application is a continuation of application Ser. No. 11/382,691 filed May 10, 2006; which is a continuation of application Ser. No. 10/658,246 filed Sep. 8, 2003, now U.S. Pat. No. 7,096,358; which is a continuation-in-part of application Ser. No. 09/259,991 filed Mar. 1, 1999, now U.S. Pat. No. 6,981,141; which is a continuation-in-part of application Ser. No. 09/074,191 filed May 7, 1998, now U.S. Pat. No. 6,185,681, the disclosures of which are incorporated herein by reference.

All of the claims of this Application have priority from great-great-grandparent application Ser. No. 09/074,191 filed May 7, 1998, now U.S. Pat. No. 6,185,681.

NOTICE OF COPYRIGHTS AND TRADE DRESS

A portion of the disclosure of this patent document contains material which is subject to copyright protection. This patent document may show and/or describe matter which is or may become trade dress of the owner. The copyright and trade dress owner has no objection to the facsimile reproduction by anyone of the patent disclosure as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright and trade dress rights whatsoever.

BACKGROUND

1. Field

The present invention relates generally to cryptographic systems and electronic document management systems.

2. Description of the Related Art

Global access to electronic information can be critical for even the smallest of businesses today. Very few companies operate solely within the boundaries of a single location or their employee list. Over the last 25 years technology has rapidly advanced and expanded these boundaries. The advent of such technologies as the Internet, intranets, extranets, and e-mail has made the electronic transfer of information commonplace in businesses today. Management of business information is critical to the success of modern businesses. A technology known as Electronic Document Management (EDM) aims to provide organizations with the ability to find any document, created in any application, by anyone, at any time, dealing with any subject, at any place in the world. EDM includes managing multiple versions of a document. PC DOCS, Inc. (Burlington, Mass.) is one of the world's leading providers of EDM solutions. With the advanced technology of EDM comes a wide variety of information that has varying economic values and privacy aspects. Users may not know what information is monitored or intercepted or who is using their computer.

An electronic document management system (EDMS) is a combination of databases, indexes, and search engines utilized to store and retrieve electronic documents distributed across an organization. An EDMS is designed to provide the structure required for an organization to properly manage and share its electronic document resources.

A wide array of information is typically stored in a company's EDMS. This includes:

- strategic and corporate plans;
- proprietary product and service information;
- confidential legal documents;
- private health information; and
- private employment information.

As companies increase the efficiency of accessing more information, their security risks also increase. According to a recent survey by Ernst & Young LLP:

- 74% of the respondents said their security risks have increased over the prior two years;
- more than a quarter said that their security risks have increased at a faster rate than the growth of their computing;
- 55% of the respondents lacked confidence that their computer systems could withstand an internal attack;
- 71% of security professionals are not confident that their organizations are protected from external attack; and
- two thirds of the respondents reported losses resulting from a security breach over the prior two years.

The bottom line is simple—the more information available, the more security needed.

It has been said that “There is no need to break the window of a house if the front door is unlocked.” This saying certainly applies to computer security. The “unlocked doors” in electronic information security include:

- e-mail;
- electronic document management (including non-EDMS file systems); and
- stolen hardware.

One of the fastest growing means of communication today is e-mail. It is estimated that over one million e-mail messages pass through the Internet every hour. E-mail provides a quick, economical, easy to use method of sharing both thoughts and electronic information. Unfortunately, e-mail is like an electronic postcard for the world to see. It is transmitted across the Internet using the Simple Mail Transfer Protocol (SMTP). This protocol has virtually no security features. Messages and files can be read by anyone who comes into contact with them.

The number of documents managed by organizations increases daily. Knowledge is becoming the most important product for companies today. As EDM enhances a company's productivity and efficiency to manage that knowledge it also exposes that company to unauthorized access to that knowledge. The typical EDMS solely relies on password protection for security.

The value of the approximately 265,000 portable computers (laptops, notebooks, palmtops) reported stolen in 1996 was $805 million, a 27% increase from 1995. However, the data on these portable computers is worth much more than the hardware itself. It is critical that the data stored on any type of hardware, whether it is a desktop computer, portable computer or server, must be properly secured from any unauthorized access.

Some of the “locks” used for electronic information security include:

- passwords,
- firewalls,
- smart cards, and
- encryption.

Passwords are often used to prevent unauthorized individuals from accessing electronic data. Passwords may also be used to link activities that have occurred to a particular individual. The problem with passwords is that if any unauthorized party steals or guesses a password, the security of the computer system may be severely compromised. Passwords are wholly inadequate for file archiving.

Systems using firewalls prevent intruders from accessing the firm's internal systems. Password-based firewall systems do not provide positive user identification nor do they protect electronic data that is stored on a server, has left the firm on a portable computer, is sent via e-mail over the Internet, or is stored on a floppy disk.

The typical smart card is a self-contained, tamper-resistant, credit card size device that serves as a storage device and is equipped with an integrated microprocessor chip and non-volatile electronic memory. The smart card processes information on the integrated microprocessor chip. Security is enhanced because the user must have the smart card along with the user's confidential information (e.g., a password) to gain access to their computer files. Passwords are kept off computer hosts and on the smart card to enhance security. Smart cards typically can only be accessed with a user defined password. Many smart cards include a lock-out feature so that failed attempts at the smart card password will lock the card out to prevent any unauthorized or fraudulent use of the smart card. ISO 7816 compliant smart cards and smart card readers follow industry standards.

Increasingly, information technology professionals are turning to encryption technologies to ensure the privacy of business information. Encryption can provide confidentiality, source authentication, and data integrity. Unfortunately encryption generally is cumbersome and difficult to use. A major obstacle for the implementation of encryption technologies has been their disruption to the users' workflow.

Encryption is a process of scrambling data utilizing a mathematical function called an encryption algorithm, and a key that affects the results of this mathematical function. Data, before becoming encrypted, is said to be “clear text.” Encrypted data is said to be “cipher text.” With most encryption algorithms, it is nearly impossible to convert cipher text back to clear text without knowledge of the encryption key used. The strength of the encrypted data is generally dependent upon the encryption algorithm and the size of the encryption key.

There are two types of encryption: symmetric (private key) and asymmetric (public key).

Private key encryption uses a common secret key for both encryption and decryption. Private key encryption is best suited to be used in trusted work groups. It is fast and efficient, and properly secures large files. The leading private key encryption is DES (Data Encryption Standard). DES was adopted as a federal standard in 1977. It has been extensively used and is considered to be strong encryption. Other types of private key encryption include: Triple-DES, IDEA, RC4, MD5, Blowfish and Triple Blowfish.

Public key encryption uses a pair of keys, one public and one private. Each user has a personal key pair, and the user's public (or decryption) key is used by others to send encrypted messages to the user, while the private (or decryption) key is employed by the user to decrypt messages received. Public key encryption and key generation algorithms include the public domain Diffie-Hellman algorithm, the RSA algorithm invented by Rivest, Shamir and Adleman at the Massachusetts Institute of Technology (MIT), and the Pretty Good Privacy algorithm (PGP) developed by Phil Zimmermann. Because of their mathematical structure, public key encryption systems are slower than most private key systems, thus making them less efficient for use in a trusted network or for encrypting large files.

Although these private key and public key encryption algorithms do a good job at maintaining the confidentiality of the encrypted matter, they have numerous problems. The biggest obstacle to adoption of any type of encryption system has been ease of use. Typical encryption systems are very cumbersome. They require a user to interrupt their normal work flow, save their clear text document, activate the separate encryption software, and save the cipher text document under a different name. Where the subject document is ordinary e-mail contents, the process is especially cumbersome, because the clear text must first be created in a separate application, then encrypted, then attached to the e-mail message.

A major concern in computing today is “total cost of ownership,” or TCO. TCO recognizes that while a program might be inexpensive (or even free in the case of PGP for non-commercial use), there are significant costs in using the software. This includes the cost of installation, training, lost productivity during use and from bugs, and maintenance.

Even where one of the typical encryption systems might satisfy a user's TCO needs, it may not even be an available option. For example, typical EDMSes are self-contained and are not compatible with typical encryption systems.

It is therefore the object of the invention to provide a document encryption and decryption system which solves these problems. It is a further object to provide a document encryption and decryption system which works with minimal disruption of a user's normal workflow. It is a further object to provide a document encryption and decryption system which is compatible with EDMSes. It is a further object to provide a document encryption and decryption system which minimizes TCO. It is a further object to provide a document encryption and decryption system which takes advantage of the features of smart cards which are not available from pure on-line security systems.

DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a computer network in accordance with the invention.

FIG. 2 is a block diagram of a general purpose computer in accordance with the invention.

FIG. 3 is a functional block diagram of a cryptographic system in accordance with the invention.

FIG. 4 is a flowchart of an encryption process in accordance with the invention.

FIG. 5 is a flowchart of a decryption process in accordance with the invention.

These and additional embodiments of the invention may now be better understood by turning to the following detailed description wherein an illustrated embodiment is described.

DETAILED DESCRIPTION

Throughout this description, the embodiments and examples shown should be considered as exemplars, rather than limitations on the apparatus and methods disclosed or claimed.

FIG. 1 shows a local area network (LAN) 100. To network communication lines 160 are coupled a number of workstations 150 a, 150 b, 150 c, 150 d. A number of file servers 120 a, 120 b also are coupled to the network communication lines 160. The network communications lines 160 may be wire, fiber, or wireless channels as known in the art. A user at any of the workstations 150 preferably may log on to at least one file server 120 as known in the art, and in some embodiments a workstation 150 may be logged on to multiple file servers 120. One or more remote workstations 170 may be provided for dial-in access to the server 120 a through the public switched telephone network 130 or other remote access means. Network printers 140 a, 140 b are also provided for printing documents. The network 100 may also include hubs, routers and other devices (not shown).

FIG. 2 shows a general purpose computer 200 which is representative of the workstations 150 and file servers 120. The computer 200 preferably includes an Intel Corporation (San Jose, Calif.) processor 255 and runs a Microsoft Corporation (Redmond, Wash.) Windows operating system. In conjunction with the processor 255, the computer 200 has a short term memory 250 (preferably RAM) and a long term memory 280 (preferably a hard disk) as known in the art. The computer 200 further includes a LAN interface 215, a display 205, a display adapter 220, a keyboard 230, a mouse 240, a smart card reader 260 and a bus 210 as known in the art.

The smart card reader 260 preferably complies with ISO 7816, a standard available from the American National Standards Institute (ANSI). To interface the smart card reader 260 to the computer's Windows operating system and other software, the computer 200 preferably includes an API provided by the smart card reader manufacturer. Alternatively, the computer 200 may include Microsoft's smart card API—SCard COM, available at www.microsoft.com/smartcard.

A user's smart card 265 preferably stores a unique user ID and password and a definable hierarchy of encryption keys. The hierarchy preferably forms a table wherein a key name is associated with each key value in the table, and the table may store both encryption keys and decryption keys as necessary for the selected cryptographic algorithms. It should be appreciated that, in private key cryptography, the same key value is used for both encryption and decryption.

Although something as simple as a user ID/password scheme could be used with the keys stored in the disk 280 or memorized by the user, a data reader device and portable data storage device such as the smart card reader 260 and smart card 265 are preferred. Instead of the smart card reader 260 and smart card 265, there could be provided, for example, a biometric recognition system, wireless identification devices, hand held tokens, etc. Preferably, the portable data storage device can securely store one or more encryption and decryption keys. However, a biometric recognition system may provide key selection based on inherent biometric features, eliminating the need to actually store keys in a component external to the computer 200. Where the portable data storage device is used solely as a source of positive identification (i.e., authentication), the keys may be stored on the file server 120 for example and accessed through a certificate mechanism.

Before proceeding, a few terms are defined. By “file server” it is meant a computer which controls access to file and disk resources on a network, and provides security and synchronization on the network through a network operating system. By “server” it is meant hardware or software which provides network services. By “workstation” it is meant a client computer which routes commands either to its local operating system or to a network interface adapter for processing and transmission on the network. By “client” it is meant software which is serviced by a server. A workstation may function as a server by including appropriate software, and may be for example, a print server, archive server or communication server. By “software” it is meant one or more computer interpretable programs and/or modules related and preferably integrated for performing a desired function. By “document” it is meant a named, structural unit of text, graphics and/or other data that can be stored, retrieved and exchanged among systems and users as a separate unit.

Referring now to FIG. 3, there is shown a conceptual block diagram of several functional units relevant to the invention which operate within the file server 120 and workstation 120. The workstation 150 includes at least one application 350. The application 350 is a collection of software components used to perform specific types of user-oriented work and may be, for example, a graphic editor, a word processor or a spreadsheet.

As is typical in the art, the workstation 150 obtains access to the file server 120 through a user ID and password system which extends to the file system on the file server 120. The file server has an access server 315 for handling the file server's user authentication and access control duties, and the workstation 150 includes an access client 310 through which a user signs on to the file server 120. In the preferred embodiment, the access server 315 is a part of Windows NT Server, and the access client 310 is a part of Windows 95 and Windows NT Workstation. Other operating systems such as Unix and Novell Netware also include access servers and access clients for providing user authentication and file level security.

Within the file server 120 there is preferably an EDM server 310. To interface with the EDM server 325, the workstation 150 includes an EDM client 320, sometimes referred to as an “EDM plug-in.” The EDM server 325 controls an EDM database 345 and EDM indexes (not shown), and preferably provides EDM search engines. The EDM database 345 itself may be distributed, for example across file systems and file servers, and may be entirely or partially in the workstation 150. The EDM server 325 may include a database server such as a SQL server for interfacing to the EDM database 345. The EDM client 320 provides the workstation with an interface to the EDM server and therefore allows access by a user at the workstation 150 to the EDM database 345, indexing and search services provided by the EDM server 325.

The EDMS of the preferred embodiment is SQL-based. Thus, the EDM database 345 comprises a SQL database, the EDM server 325 comprises a SQL server, and the EDM client 320 comprises a SQL plug-in. The SQL database stores file and file location information. A “repository,” which could be considered part of the EDM database 345, stores the files, and is managed and distributed using techniques known in the art. In older EDM systems, the SQL plug-in comprises special software which adapted particular popular applications for use with the EDMS. However, with the promulgation of the Open Document Management Architecture (ODMA) specification, applications are available which operate seamlessly with many contemporary EDM systems. Under ODMA, the EDM plug-in registers itself so that it handles file I/O.

The EDM server 325, EDM database 345 and EDM client 320 are described herein as wholly separate from the respective operating systems of the file server 120 and workstation 150. However, much if not all of the EDM server 325, EDM database 345 and EDM client 320 could be fully integrated into and even become a part of the respective operating systems. In such an embodiment, the EDMS is just another part of an operating system's general file and data management features.

As can be seen, the access server 315 and the access client 310 functionally reside between the EDM server 325 and the EDM client 320, thereby separating the EDM server 325 and EDM client 320 with a measure of security. This aspect of FIG. 3 is the typical prior art configuration, and it provides file-level security for documents in the EDM database 345 controlled by the EDM server 325.

Positioned functionally between the application 350 and the EDM client 310 is a crypto server 330. In typical prior art systems, the application 350 would communicate directly with the EDM client 310. However, in accordance with the invention, the crypto server 330 is functionally disposed between the application 350 and the EDM client 310, and intercepts or traps I/O requests by the application which otherwise would be intercepted or trapped by the EDM client 310.

The crypto server 330 of the invention is a software module which transparently handles the encryption of documents and the decryption of encrypted documents, making encryption and decryption simple and easy to use. The crypto server 330 handles encryption and decryption without requiring user input and without normally displaying status information during normal encryption and decryption operations. Preferably, the user or a system administrator may establish a system-level configuration determinative of when error messages should be displayed. Preferably, also, the system administrator may create and maintain a file administration table in the EDM database 345 which defines criteria for which files are to be encrypted and which key to use. The crypto server 330 utilizes the file administration table, for example, to determine if a new file should be encrypted, and which encryption key to use to encrypt the new file. The crypto server 330 preferably utilizes and updates an encrypted files table in the EDM database 345 which lists each encrypted file.

The crypto server 330 may itself comprise a number of functional units. For example, the crypto server 330 preferably includes interfaces to one or more cryptographic systems, such as those described in the Description of the Related Art section above. The crypto server 330 preferably also includes an interface to the smart card reader 260 (FIG. 2) for reading the smart card 265. The smart card 265 preferably is used to keep the encryption and decryption keys separate from the workstation 150 and provide positive user identification. The crypto server 330 also works with the access client 310 in performing user authentication and access. In particular, the typical prior art user access process is enhanced by requiring that the user enter a user ID and password which are stored on the user's smart card 265.

Turning now to FIG. 4, there is shown a flowchart of the encryption process in accordance with the invention. After the process begins (step 405), it is preferred that the user submit to authentication by the access client 310 and access server 315 (step 410). The authentication step is preferably performed when the user signs onto the workstation 150. Preferably, the user must insert his smart card 265 into the smart card reader 260 and enter the user ID and password stored on the smart card 265. Once authenticated, the smart card 265 then makes available, as needed, the encryption and decryption key information stored therein.

At some point after the user has been authenticated, the user will be working on a document in the application 350, and at some point issue a “close,” “save” or “save as” command as known in the art (step 415). The command is then translated into an “event” (step 420), and the crypto server 330 traps this event (step 425). Techniques for translating commands into events and trapping events are well known in the art and are typically different for each operating system. In Windows, the event translation step comprises generating an event message.

The trapped event has the effect of alerting the crypto server 330 that it may be necessary to encrypt the document. However, preferably before encrypting the document, the crypto server 330 tests whether the document should be encrypted (step 430). Preferably, at least three different tests are performed.

In the first test, the crypto server 330 tests whether the user has been authenticated. The first test is relatively simple. Where the smart card 265 or similar means is used for storing keys, this test is necessary because the keys will not even be available unless the user was authenticated.

In the second test, the crypto server 330 tests whether the document was already encrypted when it was opened by the application 350. By default, a document which was already encrypted when opened should be encrypted when closed or saved.

In the third test, the crypto server 330 tests whether the EDM database 345 has an indicator that the document should be encrypted. As described above, the EDM database 345 includes a list of encrypted documents in an encrypted files table. The EDM database 345 preferably also includes criteria for new documents which indicate whether new documents, when the criteria are met, should be encrypted. The criteria are preferably stored in the file administration table described above. To perform the third test, the crypto server 330 passes a database query to the EDM client 320 to have the EDM server 325 query the EDM database 345. For existing files, the query is directed to the encrypted files table. For new files, the query is directed to the file administration table. The EDM server 325 then passes the results of the test back to the EDM client 320, which provides the test results to the crypto server 330.

If for any reason the document is not to be encrypted, then the crypto server 330 passes control to the EDM client 320 which performs the “close,” “save” or “save as” command on the unencrypted document. Alternatively, the decision not to encrypt, for one or more reasons, may result in an error message being displayed to the user, and may result in the document not being closed or saved. At this point, for documents which are not to be encrypted, the method is complete (step 445).

If, in step 430, the document is to be encrypted, then the crypto server 330 preferably obtains an encryption key name which is associated with the document (step 450).

The crypto server 330 then uses the encryption key name to retrieve an encryption key value which is associated with the encryption key name (step 455). For most encryption algorithms, the encryption key is a multi-digit number which is difficult to remember and even difficult to transcribe. The encryption key name is preferably an alphanumeric descriptor which may be used by the user and/or system administrator for administering the encryption key value. Preferably, the encryption key value is also related to the identity of the user, and this is accomplished by retrieving the encryption key value from the key table stored in the smart card 265 which is associated with the relevant encryption key name.

Once the crypto server 330 has the encryption key value, the crypto server 330 then encrypts the document with the encryption key value (step 460), and passes control to the EDM client (step 435) so that the document may be saved (step 440). At this point, for documents which are to be encrypted, the method is complete (step 445).

Turning now to FIG. 5, there is shown a flowchart of the decryption process in accordance with the invention. After the process begins (step 505), it is preferred that the user submit to authentication (step 510). Authentication (step 505) preferably is the same for encryption and decryption.

At some point after the user has been authenticated, the user will wish to open a document into the application 350 (step 515). The file open command may be issued from within the application 350 or may be issued by a second application, with the nature of the document such that the application 350 will actually open the document and provide access to the document's contents. In any case, once the user selects a document to be opened, an “open” command is issued (step 517). The open command is then translated into an event (step 520), and the crypto server 330 traps this event (step 525).

The trapped event has the effect of alerting the crypto server 330 that it may be necessary to decrypt the document. However, preferably before decrypting the document, the crypto server 330 tests whether the document should be decrypted (step 430). Preferably, these tests are complementary to those described above with respect to the encryption process.

If for any reason the document is not to be decrypted, then the crypto server 330 passes control to the EDM client 320 which performs the “open” command. Alternatively, the decision not to decrypt, for one or more reasons, may result in an error message being displayed to the user, and may result in the document not being opened. At this point, for documents which are not to be decrypted, the method is complete (step 545).

If, in step 530, the document is to be decrypted, then the crypto server 330 preferably obtains a decryption key name which is associated with the document (step 550). The decryption key name is preferably obtained from the file's header or from the encrypted files table.

The crypto server 330 then uses the decryption key name to retrieve a decryption key value which is associated with the decryption key name (step 555). Preferably, the decryption key value, like the encryption key value, is also related to the identity of the user, and this is accomplished by retrieving the decryption key value from the key table stored in the smart card 265 and associated with the decryption key name.

Once the crypto server 330 has the decryption key value, the crypto server 330 then decrypts the document with the decryption key value (step 560), and passes control to the EDM client (step 535) so that the decrypted copy of the document may be opened into the application (step 540). At this point, for documents which are to be decrypted, the method is complete (step 545).
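The save and open flows of FIG. 4 and FIG. 5, as an added Python sketch that is not code from the patent. All class and function names are hypothetical, the file administration criteria are assumed to be name prefixes, the key is read from the encrypted files table rather than a file header, and an HMAC-SHA256 keystream with a MAC stands in for the interface to a real cipher. An unauthenticated card refuses to release keys, so a document that should be encrypted is not saved in the clear.

```python
"""Added illustration of the two-table key lookup; not code from the patent."""
import hashlib
import hmac
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for the "interface to a cryptographic system": HMAC-SHA256 in
    # counter mode as a keystream. A deployment would call a vetted cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(key_value: bytes, clear: bytes) -> bytes:
    """Encrypt, then append a MAC so a wrong key or tampering is detected."""
    nonce = os.urandom(16)
    body = nonce + _xor_stream(_subkey(key_value, b"enc"), nonce, clear)
    return body + hmac.new(_subkey(key_value, b"mac"), body, hashlib.sha256).digest()


def unseal(key_value: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key_value, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified document")
    return _xor_stream(_subkey(key_value, b"enc"), body[:16], body[16:])


class SmartCard:
    """Second table: key name -> key value, released only after authentication."""

    def __init__(self, user_id: str, password: str, key_table: dict):
        self._user_id, self._password = user_id.encode(), password.encode()
        self._key_table = dict(key_table)
        self.authenticated = False

    def authenticate(self, user_id: str, password: str) -> bool:
        id_ok = hmac.compare_digest(user_id.encode(), self._user_id)
        pw_ok = hmac.compare_digest(password.encode(), self._password)
        self.authenticated = id_ok and pw_ok
        return self.authenticated

    def key_value(self, key_name: str) -> bytes:
        if not self.authenticated:          # first test of step 430 / 530
            raise PermissionError("user not authenticated; keys unavailable")
        return self._key_table[key_name]    # KeyError if the card lacks this key


class CryptoServer:
    def __init__(self, card: SmartCard, file_admin_table: list):
        self.card = card
        self.file_admin_table = file_admin_table  # assumed: (name prefix, key name)
        self.encrypted_files = {}  # first table: document name -> key name
        self.repository = {}       # stand-in for storage behind the EDM client

    def _key_name_for_save(self, name: str):
        if name in self.encrypted_files:            # existing encrypted document
            return self.encrypted_files[name]
        for prefix, key_name in self.file_admin_table:  # criteria for new files
            if name.startswith(prefix):
                return key_name
        return None

    def on_save(self, name: str, clear: bytes) -> bool:
        """Trapped save event. Returns True if the document was encrypted."""
        key_name = self._key_name_for_save(name)
        if key_name is None:
            self.repository[name] = clear           # pass through unencrypted
            return False
        blob = seal(self.card.key_value(key_name), clear)  # raises before any write
        self.encrypted_files[name] = key_name
        self.repository[name] = blob
        return True

    def on_open(self, name: str) -> bytes:
        """Trapped open event: look up key name, then key value, then decrypt."""
        stored = self.repository[name]
        key_name = self.encrypted_files.get(name)
        if key_name is None:
            return stored
        return unseal(self.card.key_value(key_name), stored)


if __name__ == "__main__":
    # Constructed sample data: user, password, key name and key value are made up.
    card = SmartCard("alice", "constructed-pw", {"legal-1998": b"\x11" * 16})
    server = CryptoServer(card, [("legal/", "legal-1998")])
    card.authenticate("alice", "constructed-pw")
    print(server.on_save("legal/contract.doc", b"terms"), server.on_open("legal/contract.doc"))
```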

Although exemplary embodiments of the present invention have been shown and described, it will be apparent to those having ordinary skill in the art that a number of changes, modifications, or alterations to the invention as described herein may be made, none of which depart from the spirit of the present invention. All such changes, modifications and alterations should therefore be seen as within the scope of the present invention.

1. A process of decrypting documents comprising: providing a file serverfor storing a plurality of documents having respective names providing aclient computer interconnected with the file server by a network, theclient computer comprising a crypto server for causing documents to bedecrypted providing a first table having the names of encrypteddocuments stored on the file server for each of the names of encrypteddocuments in the first table, a key name associated with a decryptionkey value for the encrypted document detecting an open command for agiven document issuing from an application operative on the clientcomputer in response to the open command, the crypto server using thefirst table to determine if the given document should be decrypted ifthe given document should be decrypted, the crypto server thenretrieving the key name associated with the name of the given documentfrom the first table retrieving a decryption key value associated withthe key name from a second table, the second table having at least onedecryption key value causing the given document to be decrypted.
2. The process of decrypting documents of claim 1, wherein the first table further includes the names of unencrypted documents stored on the file server for each document, an associated indicator if the document is encrypted or unencrypted the action of using the first table to determine if the given document should be decrypted comprises using the indicator associated with the given document to determine if the given document is encrypted.
3. The process of decrypting documents of claim 1, wherein the second table is stored on a portable data storage device.
4. The process of decrypting documents of claim 2, wherein the portable data storage device is a smart card.
5. A document management system comprising: a file server for storing a plurality of documents having respective names a client computer interconnected with the file server by a network, the client computer comprising a processor memory coupled to the processor a data storage device storing computer-interpretable instruction for causing the client computer to perform actions including operating an application program providing a crypto server for causing documents to be decrypted detecting an open command issued from the application program for a given document in response to the open command, the crypto server using a first table to determine if the given document should be decrypted, wherein the first table includes the names of encrypted documents stored on the file server for each of the names of encrypted documents in the first table, a key name associated with a decryption key value for the encrypted document if the given document should be decrypted, the crypto server then retrieving the key name associated with the name of the given document from the first table retrieving a decryption key value associated with the key name from a second table, the second table having at least one decryption key value causing the given document to be decrypted.
6. The document management system of claim 5, wherein the first table further includes the names of unencrypted documents stored on the file server for each document, an associated indicator if the document is encrypted or unencrypted the action of using a first table to determine if the given document should be decrypted comprises using the indicator associated with the given document to determine if the given document is encrypted.
7. The document management system of claim 5, wherein the second table is stored on a portable data storage device.
8. The document management system of claim 7, wherein the portable data storage device is a smart card.
9. A process of decrypting documents comprising: providing a file server for storing a plurality of documents having respective names providing a client computer interconnected with the file server by a network providing a first table having the names of the plurality of documents stored on the file server an associated key name for each of the plurality of documents that is encrypted in response to an open command for a given document issuing from an application operative on the client computer, using the first table to determine if the document is encrypted if the given document is encrypted, then retrieving the key name associated with the given document from the first table retrieving a decryption key value associated with the key name from a second table causing the given document to be decrypted.
10. The process of decrypting documents of claim 9, the first table further including, for each document, an associated indicator if the document is encrypted or unencrypted.
11. The process of decrypting documents of claim 9, wherein the second table is stored on a portable data storage device.
12. The process of decrypting documents of claim 11, wherein the portable data storage device is a smart card.
13. A document management system comprising: a file server for storing a plurality of documents having respective names a client computer interconnected with the file server by a network, the client computer comprising a processor memory coupled to the processor a data storage device storing computer-interpretable instruction for causing the client computer to perform actions including operating an application program in response to an open command for a given document issuing from the application program, using a first table to determine if the given document is encrypted, wherein the first table includes the names of the plurality of documents stored on the file server an associated key name for each of the plurality of documents that is encrypted if the given document is encrypted, then retrieving the key name associated with the given document from the first table retrieving a decryption key value associated with the key name from a second table causing the given document to be decrypted.
14. The document management system of claim 13, the first table further including, for each document, an associated indicator if the document is encrypted or unencrypted.
15. The document management system of claim 13, wherein the second table is stored on a portable data storage device.
16. The document management system of claim 15, wherein the portable data storage device is a smart card.
17. A process of decrypting documents comprising: providing a file server for storing documents having respective names, each document being encrypted or unencrypted providing a client computer interconnected with the file server by a network providing a first table having the names of at least a portion of the documents stored on the file server an associated key name for each encrypted document named in the first table in response to an open command for a given document issuing from an application operative on the client computer, using the first table to determine if the given document is encrypted if the given document is encrypted, then retrieving the key name associated with the given document from the first table retrieving a decryption key value associated with the key name from a second table causing the given document to be decrypted.
18. The process of decrypting documents of claim 9, the first table further including, for each document named in the first table, an associated indicator if the document is encrypted or unencrypted.
19. The process of decrypting documents of claim 9, wherein the second table is stored on a portable data storage device.
20. The process of decrypting documents of claim 11, wherein the portable data storage device is a smart card.
21. A document management system comprising: a file server for storing documents having respective names, each document being encrypted or unencrypted a client computer interconnected with the file server by a network, the client computer comprising a processor memory coupled to the processor a data storage device storing computer-interpretable instruction for causing the client computer to perform actions including operating an application program in response to an open command for a given document issuing from the application program, using a first table to determine if the given document is encrypted, wherein the first table includes the names of at least a portion of the documents stored on the file server an associated key name for each encrypted document named in the first table if the given document is encrypted, then retrieving the key name associated with the given document from the first table retrieving a decryption key value associated with the key name from a second table causing the given document to be decrypted.
22. The document management system of claim 21, the first table further including, for each document named in the first table, an associated indicator if the document is encrypted or unencrypted.
23. The document management system of claim 22, wherein the second table is stored on a portable data storage device.
24. The document management system of claim 23, wherein the portable data storage device is a smart card.